SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 20 | 10 | 0 | 0 |

Files

| Class | Bugs |
| --- | --- |
| org.apache.rat.mp.AbstractRatMojo | 1 |
| org.apache.rat.mp.RatCheckMojo | 2 |
| org.apache.rat.mp.RatReportMojo | 4 |
| org.apache.rat.mp.Regex | 2 |
| org.apache.rat.plugin.HelpMojo | 1 |

org.apache.rat.mp.AbstractRatMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 486 | Medium |

org.apache.rat.mp.RatCheckMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 238 | Medium |
| Exception is caught when Exception is not thrown in org.apache.rat.mp.RatCheckMojo.check(ReportConfiguration) | STYLE | REC_CATCH_EXCEPTION | 209 | Medium |

org.apache.rat.mp.RatReportMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.rat.mp.RatReportMojo.getSink() may expose internal representation by returning RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP | 331 | Medium |
| org.apache.rat.mp.RatReportMojo.generate(Sink, SinkFactory, Locale) may expose internal representation by storing an externally mutable object into RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP2 | 261 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 142 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 281 | Medium |

org.apache.rat.mp.Regex

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Format string should use %n rather than \n in org.apache.rat.mp.Regex.set(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 37 | Medium |
| Format string should use %n rather than \n in org.apache.rat.mp.Regex.setExpression(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 33 | Medium |

org.apache.rat.plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |